set ciphers to NULL before calling cert_cb

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6cb405df4ae0fce9bbf34c3af0b7fb9a7837f7a7..28f3bdd6e92259fd74890cead7361d4e9005c8e1 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1357,6 +1357,7 @@ int ssl3_get_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
                        goto f_err;
                        }
+               ciphers=NULL;
                /* Let cert callback update server certificates if required */
                if (s->cert->cert_cb
                        && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
@@ -1365,7 +1366,6 @@ int ssl3_get_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
                        goto f_err;
                        }
-               ciphers=NULL;
                c=ssl3_choose_cipher(s,s->session->ciphers,
                                     SSL_get_ciphers(s));